Do you have an Instagram account?
If so, be advised that David Stier (a business consultant and researcher for CNET) has recently discovered a flaw in Instagram's website that exposed thousands of users' email addresses and phone numbers for a period of more than a month.
Mr. Stier provided screenshots and other details to Instagram demonstrating that when the source code for some users' profiles was displayed in a web browser, supposedly confidential information was plainly visible.
The exposed information ran the gamut and included the contact and personal information of individual adult users, some businesses, and an unknown number of minors. The company responded promptly and issued a patch that corrected the problem not long after they were made aware, but at this point, the damage may have already been done.
What should you do?
From a user's perspective, the best thing you can do is to change your Instagram password immediately and be on the alert that if a hacker made a copy of the information, you may be on the receiving end of phishing emails in a bid to collect even more information from you in the months ahead.
At this point, it is unknown whether any group or individual other than Mr. Stier found and made use of the exposed information. Instagram faced a similar issue several months ago, in which the company improperly protected a database containing the contact information of millions of its users, including several influencers and celebrities. This database was initially uploaded and shared by a Mumbai-based marketing firm called Chtrbox, and the information it contained is unquestionably in the wild at this point.
Our perspective
Instagram's parent company, Facebook, issued a brief statement to the effect that they were working with Chtrbox to understand exactly how they came to possess the data and how it became publicly available. At this time, however, no additional information is available. But, your data is out there now. There is no question. Look at what you need to do to protect yourself and your business. At the very least, change all of your web passwords.
Meanwhile, check out this report
Free Executive Report: 10 Hidden IT Risks That Might Threaten Your Business
The author
Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.
I am Denis Wilson, President and Principal Consultant for DWP Information Architects. We specialize in managed IT support for smaller healthcare practices, financial services firms, and nonprofits in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations. As well as providing small business technology education programs through business and professional associations.
Contact me if you would like me to speak at your association.
